{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T04:20:34Z","timestamp":1766722834104,"version":"3.48.0"},"reference-count":22,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T00:00:00Z","timestamp":1766707200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T00:00:00Z","timestamp":1766707200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Microservice architecture faces security issues due to the large scale of services, resulting in a large attack surface. Integrating the concept of \u201ccontinuous authentication, never trust\u201d from the zero-trust security model into the access control of microservices has been extensively studied, but current microservice access control mechanisms still face issues like poor adaptability, inadequate security measures, and limited control capabilities, failing to fully implement zero-trust principles. In response, this paper proposes a dynamic trust evaluation and access control model named GATAC, based on machine learning and a game-theoretic reward-punishment algorithm. To meet the need for dynamic and highly accurate access evaluation, the model first introduces a trust computation method that enhances the FORBP neural network using random forest. Furthermore, to improve the access control capability of microservices, a game state based reward and punishment algorithm (MICGA) is proposed to encourage honest user access behaviors. Experimental results indicate that the proposed solution outperforms existing access control mechanisms in terms of accuracy, resistance to attacks, and adaptability.<\/jats:p>","DOI":"10.1186\/s42400-025-00520-z","type":"journal-article","created":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T03:01:32Z","timestamp":1766718092000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Gatac: Research on microservice access control techniques based on trust assessment and game analysis"],"prefix":"10.1186","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-9104-7524","authenticated-orcid":false,"given":"Zhangwen","family":"Li","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4763-4302","authenticated-orcid":false,"given":"Xuehui","family":"Du","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0009-9600-560X","authenticated-orcid":false,"given":"Xiangyu","family":"Wu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9644-3812","authenticated-orcid":false,"given":"Aodi","family":"Liu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0000-0506-1003","authenticated-orcid":false,"given":"Shihao","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,12,26]]},"reference":[{"key":"520_CR1","unstructured":"Alghamdi L (2025) Improving smart home access control mechanisms to account for community-based sharing beyond the home"},{"key":"520_CR2","doi-asserted-by":"publisher","first-page":"26362","DOI":"10.1109\/ACCESS.2019.2901023","volume":"7","author":"H Al-Hamadi","year":"2019","unstructured":"Al-Hamadi H, Chen R, Cho J-H (2019) Trust management of smart service communities. IEEE Access 7:26362\u201326378","journal-title":"IEEE Access"},{"key":"520_CR3","unstructured":"Benantar M (2006) Mandatory-access-control model. In: Access control systems: security, identity management and trust models, pp. 129\u2013146"},{"key":"520_CR4","doi-asserted-by":"publisher","first-page":"540","DOI":"10.1109\/TIFS.2023.3326975","volume":"19","author":"Y Ge","year":"2023","unstructured":"Ge Y, Zhu Q (2023) Gazeta: game-theoretic zero-trust authentication for defense against lateral movement in 5G iot networks. IEEE Trans Inf Forensics Secur 19:540\u2013554","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"520_CR5","doi-asserted-by":"crossref","unstructured":"Gu C, Luo F, Li Y, Ding W (2018) Dynamic access control model based on fahp in cloud environment. In: 2018 IEEE 4th international conference on computer and communications (ICCC), pp. 1938\u20131943. IEEE","DOI":"10.1109\/CompComm.2018.8780863"},{"issue":"2","key":"520_CR6","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1109\/MC.2015.33","volume":"48","author":"VC Hu","year":"2015","unstructured":"Hu VC, Kuhn DR, Ferraiolo DF, Voas J (2015) Attribute-based access control. Computer 48(2):85\u201388","journal-title":"Computer"},{"issue":"4","key":"520_CR7","doi-asserted-by":"publisher","first-page":"2304","DOI":"10.1109\/TDSC.2021.3054331","volume":"19","author":"L Karimi","year":"2021","unstructured":"Karimi L, Aldairi M, Joshi J, Abdelhakim M (2021) An automatic attribute-based access control policy extraction from access logs. IEEE Trans Dependable Secure Comput 19(4):2304\u20132317","journal-title":"IEEE Trans Dependable Secure Comput"},{"issue":"2","key":"520_CR8","first-page":"1292","volume":"19","author":"DE Kouicem","year":"2020","unstructured":"Kouicem DE, Imine Y, Bouabdallah A, Lakhlef H (2020) Decentralized blockchain-based trust management protocol for the internet of things. IEEE Trans Dependable Secure Comput 19(2):1292\u20131306","journal-title":"IEEE Trans Dependable Secure Comput"},{"issue":"7","key":"520_CR9","doi-asserted-by":"publisher","first-page":"7739","DOI":"10.1109\/TMC.2023.3339652","volume":"23","author":"Z Li","year":"2023","unstructured":"Li Z, Wang J, Long S, Fu J, Yang M, Weng J (2023) A trust evaluation joint active detection method in video sharing d2d networks. IEEE Trans Mob Comput 23(7):7739\u20137752","journal-title":"IEEE Trans Mob Comput"},{"key":"520_CR10","doi-asserted-by":"crossref","unstructured":"Liang Y, Cao H, Gong Y, Wang X, Li X (2023) Trust access control method of power metering automation system based on k nearest neighbor algorithm. In: 2023 11th international conference on information technology: IoT and smart city (ITIoTSC), pp. 160\u2013163. IEEE","DOI":"10.1109\/ITIoTSC60379.2023.00035"},{"key":"520_CR11","unstructured":"Li T, Zhu Q (2024) Symbiotic game and foundation models for cyber deception operations in strategic cyber warfare. arXiv preprint arXiv:2403.10570"},{"issue":"18\u201320","key":"520_CR12","doi-asserted-by":"publisher","first-page":"70185","DOI":"10.1002\/cpe.70185","volume":"37","author":"AA Mawgoud","year":"2025","unstructured":"Mawgoud AA, Taha MHN, Loey M, Hussain Malik M, Khalifa NE (2025) Enhancing data privacy and trust in e-learning: a blockchain-based access control protocol for cloud educational systems. Concurr Comput Pract Exp 37(18\u201320):70185","journal-title":"Concurr Comput Pract Exp"},{"issue":"9","key":"520_CR13","doi-asserted-by":"publisher","first-page":"571","DOI":"10.1016\/0140-3664(90)90008-5","volume":"13","author":"J Moffett","year":"1990","unstructured":"Moffett J, Sloman M, Twidle K (1990) Specifying discretionary access control policy for distributed systems. Comput Commun 13(9):571\u2013580","journal-title":"Comput Commun"},{"key":"520_CR14","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2025.3566534","author":"M Piana","year":"2025","unstructured":"Piana M, Ardizzon F, Tomasin S (2025) Challenge-response to authenticate drone communications: a game theoretic approach. IEEE Trans Inf Forensics Security. https:\/\/doi.org\/10.1109\/TIFS.2025.3566534","journal-title":"IEEE Trans Inf Forensics Security"},{"key":"520_CR15","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2025.103872","author":"Y Ren","year":"2025","unstructured":"Ren Y, Li Z, Yang Y, Yu H, Zhao Y, Wei X (2025) A dynamic trust evaluation scheme based on cross-domain trust inheritance for vanets. Ad Hoc Netw. https:\/\/doi.org\/10.1016\/j.adhoc.2025.103872","journal-title":"Ad Hoc Netw"},{"key":"520_CR16","doi-asserted-by":"crossref","unstructured":"Sandhu RS (1998) Role-based access control. In: Advances in computers, vol. 46, pp. 237\u2013286. Elsevier, Amsterdam","DOI":"10.1016\/S0065-2458(08)60206-5"},{"key":"520_CR17","doi-asserted-by":"crossref","unstructured":"Shao P, Jin S (2021) A dynamic access control model based on game theory for the cloud. In: 2021 IEEE global communications conference (GLOBECOM), pp. 1\u20136. IEEE","DOI":"10.1109\/GLOBECOM46510.2021.9685619"},{"key":"520_CR18","doi-asserted-by":"crossref","unstructured":"Tao Y, Zeng F (2023) A trust evaluation based attribute-based access control model for smart home. In: 2023 9th international conference on big data computing and communications (BigCom), pp. 64\u201371. IEEE","DOI":"10.1109\/BIGCOM61073.2023.00017"},{"key":"520_CR19","doi-asserted-by":"crossref","unstructured":"Yao Q, Wang Q, Zhang X, Fei J (2020) Dynamic access control and authorization system based on zero-trust architecture. In: Proceedings of the 2020 1st international conference on control, robotics and intelligent system, pp. 123\u2013127","DOI":"10.1145\/3437802.3437824"},{"key":"520_CR20","doi-asserted-by":"publisher","first-page":"102082","DOI":"10.1016\/j.inffus.2023.102082","volume":"103","author":"X You","year":"2024","unstructured":"You X, Hou F, Chiclana F (2024) A reputation-based trust evaluation model in group decision-making framework. Inf Fus 103:102082","journal-title":"Inf Fus"},{"key":"520_CR21","first-page":"27","volume-title":"Foundations of cyber resilience: the confluence of game, control, and learning theories","author":"Q Zhu","year":"2025","unstructured":"Zhu Q (2025) Foundations of cyber resilience: the confluence of game, control, and learning theories. Springer Nature Switzerland, Berlin, pp 27\u201358"},{"key":"520_CR22","doi-asserted-by":"crossref","unstructured":"Zhu Q, Basar T (2024) Disentangling resilience from robustness: contextual dualism, interactionism, and game-theoretic paradigms. arXiv preprint arXiv:2403.06299","DOI":"10.1109\/MCS.2024.3382415"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00520-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00520-z","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00520-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T03:01:35Z","timestamp":1766718095000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-025-00520-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,26]]},"references-count":22,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["520"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00520-z","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,26]]},"assertion":[{"value":"15 May 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"9 November 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 December 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"122"}}